Lucene search
K

28 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 9:16 a.m.11 views

CVE-2024-0756

The Insert or Embed Articulate Content into WordPress plugin through 4.3000000023 lacks validation of URLs when adding iframes, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page...

5.4CVSS6.9AI score0.00202EPSS
Exploits2References1
OSV
OSV
added 2025/01/17 4:29 p.m.5 views

GHSA-FCR8-4R9F-R66M nbgrader's `frame-ancestors: self` grants all users access to formgrader

Impact Enabling frame-ancestors: 'self' grants any JupyterHub user the ability to extract formgrader content by sending malicious links to users with access to formgrader, at least when using the default JupyterHub configuration of enablesubdomains = False. 1915 disables a protection which would...

8.6CVSS6.2AI score0.00453EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2022/04/05 6:15 p.m.3 views

CVE-2022-28649

In JetBrains YouTrack before 2022.1.43563 it was possible to include an iframe from a third-party domain in the issue description...

5.4CVSS6.1AI score0.0038EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/03/10 5:42 p.m.1 views

UBUNTU-CVE-2021-3660

Cockpit and its plugins do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an HTML entry. This may be used by a malicious website in clickjacking or similar attacks...

4.3CVSS7.2AI score0.01242EPSS
Exploits0References3
securityvulns
securityvulns
added 2014/06/14 12:0 a.m.54 views

[ MDVSA-2014:111 ] otrs

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:111 http://www.mandriva.com/en/support/security/ Package : otrs Date : June 10, 2014 Affected: Business Server 1.0 Problem Description: Updated otrs package fixes security vulnerabilities: A logged in attack...

4.3CVSS8.5AI score0.01478EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2014/06/10 12:0 a.m.33 views

Mandriva Linux Security Advisory : otrs (MDVSA-2014:111)

Updated otrs package fixes security vulnerabilities : A logged in attacker could insert special content in dynamic fields, leading to JavaScript code being executed in OTRS CVE-2014-2553. An attacker could embed OTRS in a hidden iframe tag of another page, tricking the user into clicking links in...

4.3CVSS7.3AI score0.01478EPSS
Exploits2References3
Mageia
Mageia
added 2014/04/24 7:11 p.m.57 views

Updated otrs packages fix multiple vulnerabilities

Updated otrs package fixes security vulnerabilities: A logged in attacker could insert special content in dynamic fields, leading to JavaScript code being executed in OTRS CVE-2014-2553. An attacker could embed OTRS in a hidden iframe tag of another page, tricking the user into clicking links in...

4.3CVSS8.5AI score0.01478EPSS
Exploits2References5
Mozilla
Mozilla
added 2010/06/22 12:0 a.m.23 views

focus() behavior can be used to inject or steal keystrokes — Mozilla

Google security researcher Michal Zalewski reported that focus could be used to change a user's cursor focus while they are typing, potentially directing their keyboard input to an unintended location. This behavior was also present across origins when content from one domain was embedded within...

5.8CVSS1.4AI score0.02018EPSS
Exploits0References2Affected Software2
Rows per page
Query Builder